This updates mac80211 to backprots-4.14-rc2.
This was compile and runtime tested with ath9k, ath10k and b43
with multiple stations and ieee80211w and in different scenarios by many
other people.
To create the backports-4.14-rc2-1.tar.xz use this repository:
https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git
from tag v4.14-rc2-1
Then run this:
./gentree.py --git-revision v4.14-rc2 --clean <path to linux repo> ../backports-4.14-rc2-1
This also adapts the ath10k-ct and mt76 driver to the changed cfg80211
APIs and syncs the nl80211.h file in iw with the new version from
backports-4.14-rc2.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The empty version.sh script causes a problem when run by make:
make[3]: /usr/bin/env bash: Shell program not found
Adding a shebang line in version.sh seems to solve it.
Fixes FS#977.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Bump to 7.55.1 broke the disable threaded resolver feature as reported
in https://github.com/curl/curl/issues/1784.
As a result curl is always compiled with the threaded resolver feature
enabled which causes a dependency issue on pthread for uclibc.
Fix this issue by backporting the upstream curl commit which fixes
disable threaded resolver.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed
CVEs in the commit message. As the list of fixed CVEs is quite long,
we should probably mention them in the changelogs of the releases to
come. This commit will make sure this happens.
The following CVEs were fixed in 21014d9708:
CVE-2017-11541
CVE-2017-11541
CVE-2017-11542
CVE-2017-11542
CVE-2017-11543
CVE-2017-11543
CVE-2017-12893
CVE-2017-12894
CVE-2017-12895
CVE-2017-12896
CVE-2017-12897
CVE-2017-12898
CVE-2017-12899
CVE-2017-12900
CVE-2017-12901
CVE-2017-12902
CVE-2017-12985
CVE-2017-12986
CVE-2017-12987
CVE-2017-12988
CVE-2017-12989
CVE-2017-12990
CVE-2017-12991
CVE-2017-12992
CVE-2017-12993
CVE-2017-12994
CVE-2017-12995
CVE-2017-12996
CVE-2017-12997
CVE-2017-12998
CVE-2017-12999
CVE-2017-13000
CVE-2017-13001
CVE-2017-13002
CVE-2017-13003
CVE-2017-13004
CVE-2017-13005
CVE-2017-13006
CVE-2017-13007
CVE-2017-13008
CVE-2017-13009
CVE-2017-13010
CVE-2017-13011
CVE-2017-13012
CVE-2017-13013
CVE-2017-13014
CVE-2017-13015
CVE-2017-13016
CVE-2017-13017
CVE-2017-13018
CVE-2017-13019
CVE-2017-13020
CVE-2017-13021
CVE-2017-13022
CVE-2017-13023
CVE-2017-13024
CVE-2017-13025
CVE-2017-13026
CVE-2017-13027
CVE-2017-13028
CVE-2017-13029
CVE-2017-13030
CVE-2017-13031
CVE-2017-13032
CVE-2017-13033
CVE-2017-13034
CVE-2017-13035
CVE-2017-13036
CVE-2017-13037
CVE-2017-13038
CVE-2017-13039
CVE-2017-13040
CVE-2017-13041
CVE-2017-13042
CVE-2017-13043
CVE-2017-13044
CVE-2017-13045
CVE-2017-13046
CVE-2017-13047
CVE-2017-13048
CVE-2017-13049
CVE-2017-13050
CVE-2017-13051
CVE-2017-13052
CVE-2017-13053
CVE-2017-13054
CVE-2017-13055
CVE-2017-13687
CVE-2017-13688
CVE-2017-13689
CVE-2017-13690
CVE-2017-13725
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This is to eliminate any ambiguity about the cyassl/wolfssl lib.
The rename happened some time ago (~3+ years).
As time goes by, people will start to forget cyassl and
start to get confused about the wolfSSL vs cyassl thing.
It's a good idea to keep up with the times (moving forward).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Method used:
```
cd package/network/utils/wwan/files/data
sed -e 's/}}/}/g' -i *
sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i *
sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i *
```
Manually adjusted commas.
Validated with
```
for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done
```
Thanks to @lynxis for pointing out the commas.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Fix multiple syntax errors in shelscripts (of packages only)
These errors were causing many conditions to not working properly
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[increase PKG_RELEASE, drop command substitution from directip.sh]
Signed-off-by: Mathias Kresin <dev@kresin.em>
Changes:
89d1b80 xt_condition: namespace support #2
c839e87 xt_geoip: check for allocation overflow
a587f95 compat_xtables: use more accurate printf format for NIPQUAD
1874fcd xt_DNETMAP: fix a buffer overflow
21ea7b7 xt_LOGMARK: resolve new gcc7 warnings
ee8da2b build: support for Linux 4.12
19a4359 xt_condition: add support for namespaces
1b37966 xt_psd: resolve compiler warning
Tested on cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
c1a03e8 nl80211: request split information about frequencies
5638567 nl80211: store info about freq being not available for some bandwidths
ce51cb8 Allow storing more info about each frequency
5c10efa nl80211: support receiving split frequencies
335967c nl80211: improve error handling
ab089dd nl80211: propagate netlink errors to callers
7bba117 nl80211: handle netlink errors in nl80211_wait()
d22c64c iwinfo: add device id for Ubiquiti NanoStation Loco M2
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Intent is to link against it, and have the option to
not install the ipset utility (if needed).
One example/use-case is keepalived (from package)
feeds, where it would be nice to just depend on a
`libipset` (sub)package.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
This PR allow the 3G modem embedded in the DWR-512 to be managed
by the wwan-ncm scripts. The modem will use the usb-option and
usb-cdc-ether drivers.
The DWR-512 DT is updated accordingly.
Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
The dep for the nftables support was wrong, if someone actually enable
that option gain a compilation error. This fix this problem.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Commit f4e312ddf8 adds libnetlink to
staging dir but did not add the header files libgenl.h and ll_map.h
which define functions belonging to libnetlink lib
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Make scan output useful for 802.11s meshes. The common print_ssid function
is used, so this doesn't add any additional code.
Based-on-patch-by: Jan-Tarek Butt <tarek@ring0.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Add actual mirror and use main site as last resport
Source: http://www.tcpdump.org/mirrors.html
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
The kernel unconditionally pulls in a header file that defines
'current', which conflicts with the lua extension code.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Pass down TARGET_CPPFLAGS for path to header files, and append the
libraries we depend on in TARGET_LDFLAGS. Put TARGET_LDFLAGS at the end
of the command line as is required by modern GCC/binutils.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Drops a LEDE carried patch now upstream.
Convert to autotools.
A number of nits fixed upstream (dns & short packet handling most
notable)
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
This reverts the following commits:
fbe522d120278ad007ee863888e44f96daf6352fcfd83555fc
This seems to trigger some mconf bugs when built with all feeds
packages, so I will try to find a less intrusive solution before the
release.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes the folowing security problems:
CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read
CVE-2016-9594: unititialized random
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
uqmi has the possibility to allow the modem to start a regsitration
process only to this specified plmn
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Update tc to track upstream cake changes:
diffserv3 - a simple 3 tin classifier
Also make diffserv3 and triple-isolate default
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Add uqmi 'sync' command call to release stalled cid when preparing to
setup new connection. As a result it prevents 'POLICY MISMATCH' errors.
Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
8ceeab6 uqmi: Change returned value to QMI_CMD_REQUEST for 'sync' command.
1dc7be1 uqmi: Add sync command to release all cids.
Signed-off-by: John Crispin <john@phrozen.org>
It's useful when using multiple usb devices that should be bound to
certain usb ports. Symlinks are created by hotplug handlers.
Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
It's useful when using multiple usb devices that should be bound to
certain usb ports. Symlinks are created by hotplug handlers.
Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
Add support for specifying a call profile index instead of APN. A
specific index different from 1 must be used for some service
provider and modem combinations.
In addition, change the manufacturer detection to use the standard
AT+CGMI command, which produces more predictable output than ATI,
remove the redundant ipv6 option, since it is less ambiguous to
directly specify the PDP context type with mobile connections, and
fix missing device during teardown when using ncm through the wwan
proto.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
Update uqmi to latest version, which brings about support for
specifying a call profile index instead of APN. A specific index
different from 1 must be used for some service provider and modem
combinations.
Also change option dhcp to dhcpv6, since IPv4 now always uses DHCP,
replace option ipv6 with pdptype, which is less ambiguous, and
make autoconnect optional and default it to off for IPv6 due to it
not working with statically configured IPv6.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
The xt_id match was used by the firewall3 package to track its own rules but
the approach has been changed to use xt_comment instead now, so we can drop
this nonstandard extension.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Support new packet overhead passing paradigm in cake qdisc, also restore
DSCP wash/nowash keywords.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
This fixes the following security problems:
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Not all kmod packages depends on kmod-ipt-compat-xtables, but this
kernel config option is required for building the whole package
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes building with musl and drops the dependency on the OpenWrt
kernel-header patches:
270-uapi-kernel.h-glibc-specific-inclusion-of-sysinfo.h.patch
271-uapi-libc-compat.h-do-not-rely-on-__GLIBC__.patch
272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch
Use the new upstream location at netfilter.org and use a define instead
of a patch to "optimize".
See also: https://git.netfilter.org/arptables/log/
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
[Jo-Philipp Wich: add mirror SHA256 sum]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This adds support for "channels" command which displays more details
about channels. It includes e.g. info about available widths.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
"This release fixes a few minor bugs, including a
(non-security-impacting) buffer overflow fix ported
from upstream cjson."
<http://software.es.net/iperf/news.html#iperf-3-1-4-released>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
moving comgt and its modules to WWAN submenu to join uqmi as both are tools for WWAN modems.
I replaced the link with comgt's ubuntu manpage because the old link isn't working anymore.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
For Huawei devices like E3372 proper command for set lte mode is:
AT^SYSCFGEX="03",3fffffff,2,4,7fffffffffffffff,,
Eval is required for proper quotation.
Without this fix:
Fri Nov 4 19:07:49 2016 daemon.notice netifd: Interface 'wan' is setting up now
Fri Nov 4 19:07:52 2016 daemon.notice netifd: wan (2060): sending -> AT
Fri Nov 4 19:07:52 2016 daemon.notice netifd: wan (2060): sending -> ATZ
Fri Nov 4 19:07:53 2016 daemon.notice netifd: wan (2060): sending -> ATQ0
Fri Nov 4 19:07:53 2016 daemon.notice netifd: wan (2060): sending -> ATV1
Fri Nov 4 19:07:54 2016 daemon.notice netifd: wan (2060): sending -> ATE1
Fri Nov 4 19:07:55 2016 daemon.notice netifd: wan (2060): sending -> ATS0=0
Fri Nov 4 19:07:55 2016 daemon.notice netifd: wan (2060): sending -> AT+CGDCONT=1,"IP","internet"
Fri Nov 4 19:07:57 2016 daemon.notice netifd: wan (2060): sending -> AT^SYSCFGEX=\"03\",3fffffff,2,4,7fffffffffffffff,,
Fri Nov 4 19:07:58 2016 daemon.notice netifd: wan (2060): Error running AT-command
Fri Nov 4 19:07:58 2016 daemon.notice netifd: wan (2060): Failed to set operating mode
Fri Nov 4 19:07:58 2016 daemon.notice netifd: wan (2092): Stopping network
...
With this fix:
Fri Nov 4 19:10:59 2016 daemon.notice netifd: Interface 'wan' is setting up now
Fri Nov 4 19:11:01 2016 daemon.notice netifd: wan (2539): sending -> AT
Fri Nov 4 19:11:01 2016 daemon.notice netifd: wan (2539): sending -> ATZ
Fri Nov 4 19:11:02 2016 daemon.notice netifd: wan (2539): sending -> ATQ0
Fri Nov 4 19:11:03 2016 daemon.notice netifd: wan (2539): sending -> ATV1
Fri Nov 4 19:11:03 2016 daemon.notice netifd: wan (2539): sending -> ATE1
Fri Nov 4 19:11:04 2016 daemon.notice netifd: wan (2539): sending -> ATS0=0
Fri Nov 4 19:11:05 2016 daemon.notice netifd: wan (2539): sending -> AT+CGDCONT=1,"IP","internet"
Fri Nov 4 19:11:06 2016 daemon.notice netifd: wan (2539): sending -> AT^SYSCFGEX="03",3fffffff,2,4,7fffffffffffffff,,
Fri Nov 4 19:11:07 2016 daemon.notice netifd: wan (2539): sending -> AT^NDISDUP=1,1,"internet"
Fri Nov 4 19:11:08 2016 daemon.notice netifd: wan (2539): Connected, starting DHCP on wwan0
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Interface 'wan' is now up
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Network device 'wwan0' link is up
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Network alias 'wwan0' link is up
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Interface 'wan_4' is enabled
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Interface 'wan_4' has link connectivity
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Interface 'wan_4' is setting up now
...
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
Rename the "ip" package declaration to "ip-tiny" and let both "ip-tiny" and
"ip-full" provide the virtual "ip" package. This allows users to freely choose
the "ip" command variant while other packages can continue to depend on "ip"
without needing to enforce a specific variant.
Note that this commit does not add busybox as "ip" provider due to
the following reasons:
- The builtin Busybox ip applet cannot be added or removed at runtime
- Both "ip-tiny" and "ip-full" are able to install without file clashes even
if the busybox applet is enabled
- The system is preferring full "ip-tiny" and "ip-full" at runtime, even
if Busybox ip is still present.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
iperf upstream added some bugfixes to the already released 2.0.9 version
without changing the filename. This conflicts with old mirrored files
and the hash that we previously used.
To avoid conflict, use a renamed tarball from mirror2.openwrt.org
containing the new upstream changes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Commit 8f24ee6382 ("uqmi: Add proper IPv6 support") changed the code
to fetch the IPv4 address via QMI by default instead of using DHCP to
make it consistent with the IPv6 codepath.
This breaks on at least some Sierra Wireless cards, where data exchanges
fail to work until the host has fetched a DHCP lease.
Leave v6 as it is, but always use DHCP for v4.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* Change git packages to xz
* Update mirror checksums in packages where they are used
* Change a few source tarballs to xz if available upstream
* Remove unused lines in packages we're touching, requested by jow- and blogic
* We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
* Add SHA256 checksums to multiple git tarball packages
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Fix rt_names build failure when FORTIFY_SOURCE disabled.
Include limits.h which otherwise gets automatically included
by fortify headers.
Solves FS #194
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Within the Lua binding, use the same logic as the command line interface for
reporting the used WPA ciphers. Instead of printing the intersection of
pairwise and group ciphers, report both group and pairwise ciphers.
This fixes a case where a connection which uses CCMP for pairwise and TKIP
as groupwise cipher is getting reported as using the NONE cipher.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The iwinfo library might get compiled with different backends, depending on
the driver selection of the current target, so mark it as nonshared to avoid
broken libiwinfo support on other targets with same cpu architecture but
different wireless driver types.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
If option ist not set then ipv6 is still enabled on this Interface.
Check if variable is zero will fix this issue.
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
iftop would display portions of mac address with large ffffff prefixes.
Make if_hw_addr type consistent.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Commit d9b20a6f35 (SVN r48426) changed the
mac80211 phy lookup logic to strip the platform/ directory component from
the phy path specification.
Fix iwinfo to follow that logic by trying to lookup phys both with and
without "platform/" prefix.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Cake AQM is experimenting with a codel/blue hybrid AQM COBALT instead
of just using codel alone. This patch updates tc to cope with some new
stats produced by COBALT.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
The ebtables code relies on the `-nostartfiles` linker argument to execute the
extension modules' `_init()` functions automatically which is not working
reliably across all supported targets and gcc versions.
Running an ebtables executable linked this way just crashes with a segmentation
fault at runtime on program startup, e.g. on ARM architectures.
In order to fix the issue ...
- remove the use of the -nostartfiles linker flag
- rename the init procedures to a generic name without implicit semantics
- explicitely annotate those init procedures as constructors
The patch has been taken from the Alpine Linux distribution at
http://git.alpinelinux.org/cgit/aports/tree/main/ebtables/fix-extension-init.patch
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add cake support to 'tc' in iproute2
- Use a patch to modify tc instead of adding a new tc-adv package.
Patch creates q_cake.c that matches commit 3314230bc4
- Do not include the other things from tc-adv (cake0, cake2, pie etc.).
V2 - KDB Small update to base on latest cake tc changes (wash option
deprecated)
V3 - KDB Move kmod-sched-cake package to kernel as is kernel related
v4 - KDB Split into individual patches, tc & kmod
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
fixes:
CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL
- remove crypto auth compile fix
curl changelog of 7.46 states its fixed
- fix mbedtls and cyassl usability #19621 :
add path to certificate file (from Mozilla via curl) and
provide this in a new package
tested on ar71xx w. curl/mbedtls/wolfssl
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
The original iperf package is unmaintained. This switches to the "iperf2"
project on sourceforge, a fork that started where the previous iperf left
off.
Version 2.0.8 fixes the issue that patch 002 handled, so that can be dropped.
Due to a faulty check in configure.ac, this version needs _GNU_SOURCE
defined to build properly against musl. Various other obsolete build
options were also removed.
Signed-off-by: Bert Vermeulen <bert@biot.com>
The patch made sure the ncursesw library was not selected to save space,
but that library doesn't exist in this distribution at all.
Signed-off-by: Bert Vermeulen <bert@biot.com>
Patch Lua packet script defines SHRT_MAX which is already defined in <linux/kernel.h> and
is included indirectly by lauxlib.h. Fix the redefintion as it leads to compile failure
on systems which treat macro redefinition as an error
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
lua_packet_segment parameter start has type char pointer; in function lua_tg
it's assigned an uint16 value generating compiler warnings obviously indicating
posssible seg fault problems. Fix the issue by using the correct skb functions
so the parameter points to the position inside the sk_buff
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Stijn Cleynhens <stijn.cleynhens@gmail.com>
Fixes build with /bin/sh pointing to certain versions of dash (for example
on Void Linux).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
SVN-Revision: 49218
iptables is the only exception in the package tree, causing patch
behaviour to be inconsistent on this package.
Signed-off-by: Rick van der Zwet <rick.vanderzwet@anywi.com>
SVN-Revision: 48643
This fixes the following security problems:
CVE-2016-0754: remote file name path traversal in curl tool for Windows
http://curl.haxx.se/docs/adv_20160127A.html
CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use
http://curl.haxx.se/docs/adv_20160127B.html
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48614
Update to upstream Git HEAD to include VHT rate support and a number of
coverity scan fixes.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 48487
This was generating a conffiles list that included the binary
and CONTROL/ files.
Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
SVN-Revision: 48296
iproute2-4.0 had connmark support added by nbd. This does not work
with 4.x kernels. iproute2-4.3 is the latest version and has his
changes mainlined. This patch updates the package to iproute2-4.3
and fixes the patches so that it compiles. This should resolve
ticket #21374.
Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
SVN-Revision: 48098
MD5SUM is wrong, it was not updated during last update to v1.4.1.
Thanks to Daniel Dickinson <openwrt@daniel.thecshore.com> for reporting it.
Signed-off-by: Nicolas Thill <nico@openwrt.org>
SVN-Revision: 48017
- 1.4.x has IPv6 support
- set C std explicitly due to gcc 5 changes/old code style of dante
- disable pam via configure vars since detection of without pam option
is broken (-lpam gets linked in if available)
- remove and refresh patches
only compile tested
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
SVN-Revision: 47926
Support next to the non-HT/HT channel widths like HT20 or NOHT also VHT80
channels during the mesh join
iw dev mesh0 mesh join "meshnet" freq 5180 80MHz
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
SVN-Revision: 47782
Fix the id of NL80211_ATTR_WIPHY_ANTENNA_GAIN for antenna_gain command when
using compat-wireless 2015-10-26.
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
SVN-Revision: 47778
Fixes compilation with Linux 4.3. Runtime tested on Ubiquiti EdgeRouter
Lite with Linux 3.18, 4.1 and 4.3.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
SVN-Revision: 47470
as conntrack and conntrackd are completely independent programs,
serving a different purpose.
Also split by other distributions, as Debian and Ubuntu.
Signed-off-by: Ulrich Weber <uw@ocedo.com>
SVN-Revision: 47424
default configuration will fill up disk by
writing /var/log/conntrackd-stats.log
Introduced due init script auto start.
Signed-off-by: Ulrich Weber <uw@ocedo.com>
SVN-Revision: 47422
Update iperf3 to point to the correct project website. Prior URL was the
old iperf2 website.
Signed-off-by: Karl Palsson <karlp@remake.is>
SVN-Revision: 47184
Since r46834, IPv6 support is builtin if selected. Therefor, dependencies
on kmod-ipv6 can no longer be fulfilled, since it is not a module anymore.
Signed-off-by: Arjen de Korte <arjen+openwrt@de-korte.org>
SVN-Revision: 47022
Using protocol qmi does not work since qmi.sh is not executable.
Setting option dhcp explicitely to 0 actually enables it.
This patch fixes both problems.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 47014
By setting the option pdptype to IP, IPV6 or IPV4V6 the user can
choose the context type between IPv4, IPv6 and dual stack,
respectively. The default setting is dual stack, except if option
ipv6=0 is specified, in which case IPv4 context is the default.
This allows for an out-of-the-box IPv6 support with modems
utilizing NCM-like protocols.
While we are at it, also add commands for Sierra DirectIP modems
(currently untested), which will allow us to drop the separate
comgt-directip package (once tested and verified working).
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 46844
Use the new --ip-family option to start both IPv4 and IPv6 sessions
by default. Autoconnect can't be used when starting two sessions,
so revert back to using the client IDs and packet data handles for
handling the network connection.
Some modem firmwares do not implement a RA server, therefore by
default use outband IP configuration and static addressing. Some
other firmwares report bogus IP configuration with the WDS get
current settings command. In this case inband configuration with
DHCP/RA can be optionally enabled by setting option dhcp to 1.
Per 3GPP standard a /64 prefix is served to all clients, which is
extended to LAN as specified in RFC 7278.
v2: Restrict the IPv6 gateway route source address
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 46843
Also drop the configure (not .ac) patch part as autoreconf will
overwrite it anyway with a newly generated version.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
Acked-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 46385
The musl build "fix" introduced in r45108 removed all netinet/ether.h
includes, which made the prototypes of ether_aton and ether_ntoa
unavailable. As a result, the compiler assumed they return int instead
of a pointer. This currupted the pointer on 64bit targets, causing ebtables
to segfault in commands containing MAC addresses.
Since r46161 made it possible to include both the kernel and the libc
if_ether.h as long as the libc version is included first, this patch
changes the fix to remove the linux/if_ether.h from the ebtables source
(so the fixed version from the kernel is used) and ensures netinet/ether.h
is included early.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
SVN-Revision: 46292
This brings curl to version 7.43.0 and contains fixes for the following
security vulnerabilities:
CVE-2015-3236: lingering HTTP credentials in connection re-use
http://curl.haxx.se/docs/adv_20150617A.html
CVE-2015-3237: SMB send off unrelated memory contents
http://curl.haxx.se/docs/adv_20150617B.html
The 100-check_long_long patch is not needed any more, because the
upstream autoconf script already checks for long long when cyassl is
selected.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 46169
* Rework hostapd and wpa_supplicant status parsing code
* Add support for querying available HT rates
* Relax definition of restricted channels
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 45766
* drop unused lenient restore patch
* instead of statically linking core extensions, build shared libraries
for reuse in fw3
* strip outdated match revisions and aliases to trim down library size
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 45758
The most significant change from the previous version is the trimming of
the 300-ip_tiny.patch to lib/utils.c where a section previously patched
had vanished. That section of the patch was removed.
Built and lightly tested on ar71xx against uClibc and musl.
Signed-off-by: Russell Senior <russell@personaltelco.net>
SVN-Revision: 45512
it causes problems with newer iptables when ipv6 is disabled as iptc uncoditionally links ip6tc
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 45350
This patch adds the wpan-tools (iwpan) utility to OpenWRT
build system. This utility required to manage IEE-802.15.4
devices.
Signed-off-by: Varka Bhadram <varkab@cdac.in>
SVN-Revision: 45349
Below you'll find a patch to add ipmark module support to ipset.
Changeset 44671 already bumped ipset to version 6.24, but it's still
compiled without ipmark support. This is a requirement for mwan3 v1.6.
Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
SVN-Revision: 44742
Included you'll find a patch to bump ipset to version 6.24. This
version supports the ip,fwmark set, which is needed for mwan3 1.6.
Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
SVN-Revision: 44671
The wwan package holds the hotplug script to set mobile broadband
interfaces (un)available. Add it as a dependency to comgt-ncm,
uqmi and umbim.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 44631
Interface should not be set unavailable in all error cases,
returning 1 is enough.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 44630
Adds ncm proto to the list of checked protocols, sets interfaces
unavailable on device removal and removes the unnecessary ifup
command.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 44629
USB modem data files should be a part of the wwan package, which
actually uses them unlike comgt.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 44628
When passing struct termios to ioctl TCGETS and TCSETS should be
used instead of TCGETA and TCSETA, which are meant for the older
struct termio. Should fix https://dev.openwrt.org/ticket/19012
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 44506
remove obsolete configuration settings
--disable-thread
--enable-nonblocking
--without-krb4
remove SSPI support
only supported on windows
correct --with/without-ca-path handling
only supported with OpenSSL and PolarSSL
correct LDAP/LDAPS protocol
add dependency libopenldap
added SCP/SFTP protocol
default "No"
depends on libssh2
added IDN support
default "No"
depends on libidn
added SMB protocol (new in 7.40)
default "No"
require 'cryptographic authentication' and either 'GnuTLS' or 'OpenSSL' selected
added Unix sockets support (new in 7.40)
default "No"
added error verbose messages
default "No"
changes to Makefile
Increase PKG_RELEASE
PKG_CONFIG_DEPENDS and CONFIGURE_ARGS
extended for new functionality
use "autoconf_bool" for all --enable/--disable options
restructure for easier reading
changes to Config.in
extended for new functionality
implement dependencies
restructure and grouping for easier reading
build tested on XUbuntu 14.10 x86 for x86 (generic) and ar71xx (WNDR3800)
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 44243
This patch fixes the NCM protocol by adding the missing ifname
to the netifd script and changing one unintended "send" statement to
"print" in runcommand.gcom. It also cleans up logging and makes the
manufacturer names case-insensitive. Furthermore, comgt-ncm should
not depend on the USB-serial-related kernel modules, as the cdc-wdm
control device works without them. There is also no need to depend on
kmod-huawei-cdc-ncm, since other manufacturers (like Sony-Ericsson
and Samsung) which use other kernel modules should also be supported.
I'd appreciate if someone with Samsung or Sony-Ericsson modems could
test this, I was only able to test it with Huawei E3276, E3372 and
E353.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 44182
* Update to version 7.40.0
* remove non existing config options around enable/disable HTTPS protocoll
* remove --with-ca-path if ssl support disabled
* set proxy support as default like all versions before CC did
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 44176
Some Huawei mobile broadband sticks utilizing the NCM protocol expose
the control channel as a cdc-wdm device node instead of a virtual TTY.
This device node does not support the terminal ioctls. This patch
adds a check whether the provided device is a TTY or not and does not
attempt to use the terminal ioctls if they are not supported.
v2: reduce diffstat by simplifying code a little
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 44054
iproute2 includes "sanitized" linux kernel headers, which work fine for uClibc, however
with musl there is some header conflict, principally some ipv6 structure redefinition. This
patch removes <linux/in6.h> from include/linux/if_bridge.h to solve the problem.
Signed-off-by: Russell Senior <russell@personaltelco.net>
SVN-Revision: 43992
Target pxcab and ps3 were removed from maintaince in r34764 and r34765
respectively.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 43850
Added complementary blobmsg_close_table() before returning from function
on error.
Signed-off-by: Sławomir Demeszko <s.demeszko@wireless-instruments.com>
SVN-Revision: 43477
Update nf_conntrack_rtsp to latest version based on http://mike.it-loops.com/rtsp/ (rtsp-module-3.7-v2.tar.gz).
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
SVN-Revision: 43311
* fixes a bug in multipart sms
* adds a new call to read the sim phone number (partially functioanl)
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 43310
This patch adds the userspace and kernelspace for
- match NETFILTER_XT_MATCH_CLUSTER
This match can be used to deploy gateway and back-end load-sharing clusters.
- target IP_NF_TARGET_CLUSTERIP
This module allows you to configure a simple cluster of nodes
that share a certain IP and MAC address
without an explicit load balancer in front of them.
Connections are statically distributed between the nodes in this cluster.
This is used i.e. by strongswan-ha.
Signed-off-by: Christian Scheele <cs@embedd.com>
SVN-Revision: 43174
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.
I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.
However, I can not garantee that I always picked the correct information
and/or did not miss license information.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 43155
this proto handler will detect which of 3g, qmi, mbim, ncm or directip you need
for a stick and setup uci automagically
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 42837
The AR9580 with the new ID can be found in the EnGenius ESR900 and the
QCA9880 without any subsystem IDs can be found in the EnGenius ESR1750.
Signed-off-by: Forest Crossman <cyrozap@gmail.com>
SVN-Revision: 42793
Instead of connecting once and saving the packet data handle, let the
firmware handle connecting/reconnecting automatically. This is more
reliable and reduces reliance on potentially stale data.
Use the global packet data handle to attempt to disable autoconnect
before restarting the connection. This ensures that the firmware will
take the new APN/auth settings.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 42721
Main changes:
- URL parser: IPv6 zone identifiers are now supported
- cyassl: Use error-ssl.h when available (drop local patch)
- polarssl: support CURLOPT_CAPATH / --capath
- mkhelp: generate code for --disable-manual as well (drop local patch)
Full release notes: http://curl.haxx.se/changes.html
MIPS 34kc binary size:
- 7.36.0 before: 82,539 bytes
- 7.38.0 after: 83,321 bytes
Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
SVN-Revision: 42517
This is a bug revealed in r41830.
First, the static variable `char nif[IFNAMSIZ]` of nl80211_phy2ifname()
would be zeroed out if the argument is "wlan0" or the like. This will
happen in the following call stack.
nl80211_get_scanlist("radio0", buf, len);
nl80211_phy2ifname("radio0") // return static var nif with content "wlan0"
nl80211_get_scanlist(nif, buf, len); // tail call
nl80211_get_mode(nif);
nl80211_phy2ifname(nif); // zero out nif
Later we try nl80211_ifadd("") which was supposed to create interface
"tmp.", but that won't happen because nl80211_msg() will put an invalid
ifidx 0 to the nlmsg.
Then iwinfo_ifup() and iwinfo_ifdown() would fail and happily
nl80211_get_scanlist() returned 0 and left *len undefined.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 42151
NFLOG and NFQUEUE targets' full support for iptables.
Includes all needed kernel modules (Xtables's and Netlink's)
and userspace libraries.
All added kernel modules can be individually disabled,
all other new libraries get their own individual packages.
Reported-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
Reported-by: Rainer Poisel <rainer.poisel@fhstp.ac.at>
Reported-by: Derek LaHousse <dlahouss@mtu.edu>
Signed-off-by: Guillaume Déflache <guillaume.deflache@ibwag.com>
SVN-Revision: 42022
This commit implements a new netfilter match "xt_id" which can be used to
attach unsigned 32bit IDs to iptables rules.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41945
If the iface to scan on already is in ad-hoc, station or monitor mode
then do not spawn a temporary iface.
Also preventively disable IPv6 on temporary ifaces before bringing them
up to avoid potential security issues.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41830
So far iwinfo aborted a wifi scan attempt if the mac of the spawned
interface could not be changed. Change the code to try anyway - this
should fix wifi scanning on RaLink devices.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41826
In case of .11ac device the hwmode was not properly displayed.
This patch fixes it.
Signed-off-by: Marek Kwaczynski <marek.kwaczynski@tieto.com>
Signed-off-by: Bartosz Markowski <bartosz.markowski@tieto.com>
SVN-Revision: 40953
when disabling ipv6, the iptables build breaks without a manul clean or this patch
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 40916
Many of the 4G/LTE and 3G modems utilize the QMI-protocol to control the
modem. At the moment there is no support for them in OpenWrt. This
patch adds support for them in the form of a netifd script and a
control utility. Tested with Huawei E398 and ZTE MF820D (which requires
a delay of ~30 s before responding to QMI commands). I put myself up as
the maintainer, feel free to change this if you desire.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 40868
This change creates a new ip-full variant for the ip package.
It disables IP_CONFIG_TINY to make some iproute2 features available like xfrm, gretap, ...
Signed-off-by: Thomas Wouters <thomaswouters@gmail.com>
SVN-Revision: 39854
- update iw to 3.14
- remove some patches that are obsolete
- 200-reduce_size.patch has new coalesce removed from Makefile matching prev. ver
- refresh patches
This increases the size of the binary by 6.7%:
87801 4400 320 92521 16969 iw-3.10/iw
93995 4424 324 98743 181b7 iw-3.14/iw
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
SVN-Revision: 39486
The associations list for Broadcom WDS interfaces are duplicate to those
reported by the corresponding AP interface; so there is no need to report
them again.
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
SVN-Revision: 38746
Modify the hwmodelist reporting for broadcom devices to include
proper reporting of 802.11n support.
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
SVN-Revision: 38745
A similar change was recently merged in iw commit
58b46da26ab9b5ff31c7033e175351eb1301d9af
Signed-off-by: Bruno Randolf <br1@einfach.org>
SVN-Revision: 38449
There are several cases within 'luci' that attempt to access the interface
'type' from within the 'type' specific meta tables; however, 'type' is not
currently available there. Replicate the common metadata in the 'type'
specific meta tables.
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
SVN-Revision: 38448
The reap functionality appears to have been accidentally disabled by
commit 74ded7257e5da5e309844d386290f24ae91950a6 to iptables.git, see:
git://git.netfilter.org/iptables.git
and subsequently in iptables 1.4.15 and later. This adds a patch to
restore reap functionality for recent_opts_v1.
Signed-off-by: Russell Senior <russell@personaltelco.net>
SVN-Revision: 37328
wpa_supplicant may send log and event messages intermixed with the
expected scan results. This makes "iwinfo wlan0 scan" and LuCI
"site survey" display nothing when many AP's are around.
Eliminate the CTRL-EVENT-BSS-ADDED events, interspersed log messages,
lines with unexpected format. Increase timeout to handle the max
number of channels (2.4, 3.6, 4.9, 5 GHz). Insure receive buffer is
null-terminated.
Signed-off-by: Jean-Pierre Tosoni <jp.tosoni@acksys.fr>
SVN-Revision: 36888
libiptc.pc depends on libip[4|6]tc.pc, thus all of those need to be
installed.
Should fix collectd build and thus #13146; which should make collectd
appear in snapshots again.
Signed-off-by: Danny Baumann <dannybaumann@web.de>
SVN-Revision: 36509
Updated to latest stable version and added an upstream patch to handle
a link failure
Signed-off-by: Oliver Smith <olipro@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
[dgolle@allnet.de: refreshed patches]
Signed-off-by: Daniel Golle <dgolle@allnet.de>
SVN-Revision: 35250
In particular, it wants to run before the ntpclient script. Which may
block for a long time attempting to do DNS lookups for NTP servers. In
my case, that would have *worked* if the new device had been added to
teql first, rather than timing out.
This was effectively causing a huge delay between an interface coming
up, and routing actually starting to work.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 34442
Most significantly, includes IPv6 support. This version forces
libncurses, by patching the configure script, instead of allowing
libncursesw, saving (~65k) image space.
Signed-off-by: Russell Senior <russell@personaltelco.net>
SVN-Revision: 33782
LEDs brightness is now only updated if the value actually changed, thus reducing
the number of fwrite syscalls significantly.
Signed-off-by: Daniel Golle <dgolle@allnet.de>
SVN-Revision: 33766
